A comprehensive behavior-based authentication and privacy-preserving data sharing system for fintech applications, featuring real-time anomaly detection, smart contract integration, and differential privacy.
```text
┌──────────────────┐     ┌───────────────────┐     ┌───────────────────────────────┐
│     Frontend     │     │   Flask Gateway   │     │   Spring Boot Microservices   │
│   (React, MUI)   │────▶│     (app.py)      │────▶│ - Authentication (BBA, ML)    │
│                  │     │ - Anomaly Check   │     │ - DigiLocker Integration      │
│ - User Flows     │     │ - Smart Contract  │     │ - Third-party Request/Consent │
└──────────────────┘     └───────────────────┘     └───────────────────────────────┘
                                                                   │
                                                                   ▼
                                                   ┌───────────────────────────────┐
                                                   │           MongoDB             │
                                                   └───────────────────────────────┘
```
```text
fintust-canara/
├── app.py                          # Flask API Gateway with anomaly detection
├── backend/
│   ├── authentication/             # Behavior-based authentication & anomaly detection
│   │   └── src/main/java/com/fintech/fintrust/authentication/
│   │       ├── model/              # User, UserBehavior, AnomalyDetectionResult, etc.
│   │       ├── service/            # AuthService, AnomalyDetectionService, etc.
│   │       ├── controller/         # AuthController, AnomalyDetectionController
│   │       ├── repository/         # UserRepository, UserBehaviorRepository
│   │       └── security/           # JWT, OAuth2, AnomalyDetectionFilter
│   ├── api/                        # DigiLocker integration microservice
│   │   └── src/main/java/com/digilocker/integration/api/
│   │       ├── controller/         # DigiLocker OAuth2, document, health endpoints
│   │       ├── service/            # DigiLockerOAuth2Service, DocumentService
│   │       ├── repository/         # DigiLockerAuthRepository, UserRepository
│   │       ├── config/             # Security, RateLimiting, DigiLockerConfig
│   │       └── util/               # JWT, HMAC, AES, RateLimiter
│   └── request/                    # Third-party request, consent, and data minimization
│       └── src/main/java/com/thirdparty/user/request/
│           ├── controller/         # RequestController (initiate, consent, submit, etc.)
│           ├── service/            # RequestService, AsyncBlockchainService
│           ├── domain/             # Request, Consent, UserBehavior, DocumentMeta
│           ├── repository/         # RequestRepository, UserRepository
│           ├── filter/             # AnomalyDetectionFilter
│           └── util/               # JWT, etc.
├── frontend/                       # React + TypeScript frontend
│   ├── src/                        # Main source code (UI, API calls)
│   └── public/                     # Static assets
└── README.md
```
### Authentication Service (`backend/authentication`)

- Purpose: Implements behavior-based authentication, user/session management, and real-time anomaly detection using ML/statistical models. Handles smart contract validation and privacy-preserving data sharing logic.
- Key Features:
  - User registration, login, JWT/OAuth2
  - Behavioral trait collection (typing, touch, device, session)
  - Anomaly detection and risk scoring
  - Smart contract execution control
  - Privacy-preserving data minimization

### DigiLocker API Service (`backend/api`)

- Purpose: Integrates with DigiLocker for secure document access, OAuth2 flows, and document verification. Handles secure storage and retrieval of DigiLocker tokens and documents.
- Key Features:
  - OAuth2 authorization with DigiLocker
  - Secure document fetch, download, and verification
  - Token encryption, HMAC validation, and rate limiting
  - Health and status endpoints

### Third-party Request Service (`backend/request`)

- Purpose: Manages third-party requests for user data, consent handling, document attachment, and blockchain submission. Orchestrates data minimization and privacy compliance for external requests.
- Key Features:
  - Initiate and track data/consent requests
  - Field-level and full consent management
  - Document upload and validation
  - Submit requests to blockchain (with async support)
  - Integrates with Flask API for data minimization
  - Anomaly detection filter for all requests

### Frontend (`frontend/`)

- Purpose: Provides a modern, secure, and responsive UI for users to interact with authentication, consent, and document flows. Built with React, TypeScript, and Material UI.
- Key Features:
  - User authentication and secure flows
  - Dashboard, document management, consent handling (in progress)
  - Responsive, accessible design
  - API integration with backend services

### Flask API Gateway (`app.py`)

- Purpose: Serves as the API gateway, handling anomaly detection, smart contract validation, and routing requests to backend microservices. Performs real-time risk assessment and privacy-preserving data minimization.
- Java 17+
- Python 3.8+
- Node.js 16+
- MongoDB 5.0+
- Maven 3.6+
```bash
# Authentication Service
cd backend/authentication
mvn spring-boot:run

# DigiLocker API Service
cd ../api
mvn spring-boot:run

# Third-party Request Service
cd ../request
mvn spring-boot:run
```

```bash
python app.py
```

```bash
cd frontend
npm install
npm start
```

```bash
curl -X POST http://localhost:5000/api/requests/123/submitForm \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "X-User-ID: user123" \
  -H "X-Session-ID: session456" \
  -H "X-Device-ID: device789" \
  -H "X-User-Location: 12.9716,77.5946" \
  -H "X-Typing-Pattern: {\"averageSpeed\": 0.5, \"variance\": 0.1}" \
  -H "X-Touch-Pattern: {\"pressure\": 0.8, \"duration\": 0.2}" \
  -F 'payload={
    "use_case": "Credit Card Issuance",
    "form_data": {
      "text_fields": {"Phone Number": "9876543210"},
      "file_uploads": {}
    }
  }'
```

```bash
# Detect anomaly
curl -X POST http://localhost:8089/api/anomaly/detect \
  -H "Content-Type: application/json" \
  -d '{
    "userId": "user123",
    "deviceId": "device789",
    "ipAddress": "192.168.1.1",
    "actionType": "API_REQUEST"
  }'

# Execute smart contract
curl -X POST http://localhost:8089/api/anomaly/smart-contract/execute \
  -H "Content-Type: application/json" \
  -d '{
    "userId": "user123",
    "contractFunction": "transferFunds",
    "parameters": {"amount": 1000, "recipient": "user456"}
  }'
```

```java
// In AnomalyDetectionService.java
private static final double TYPING_ANOMALY_THRESHOLD = 0.7;
private static final double TOUCH_ANOMALY_THRESHOLD = 0.6;
private static final double LOCATION_ANOMALY_THRESHOLD = 0.8;
private static final double SESSION_ANOMALY_THRESHOLD = 0.5;
private static final double OVERALL_ANOMALY_THRESHOLD = 0.6;
```

```java
// In PrivacyPreservingDataService.java
private static final double EPSILON = 0.1; // Differential privacy parameter
private static final String ALGORITHM = "AES/GCM/NoPadding";
```

- Typing Speed: Characters per second
- Typing Variance: Consistency in typing rhythm
- Pause Duration: Time between keystrokes
- Backspace Frequency: Error correction patterns
- Key Press Intervals: Timing between specific keys
- Tap Pressure: Force applied to screen
- Tap Duration: How long touches are held
- Swipe Velocity: Speed of swipe gestures
- Swipe Distance: Length of swipe movements
- Touch Area: Where on screen user touches
- Geographic Location: GPS coordinates
- Location History: Travel patterns
- Location Hash: Privacy-preserving location data
- Distance from Usual Location: Anomaly detection
- Device ID: Known vs unknown devices
- Device Type: Mobile, tablet, desktop
- Device Model: Specific device characteristics
- IP Address: Network location
- Session Duration: How long sessions last
- Request Frequency: API call patterns
- Navigation Flow: Page-to-page movement
- Time of Day: Usage patterns
- LOW (0.0-0.3): Basic monitoring, allow access
- MEDIUM (0.3-0.6): Enhanced monitoring, limited features
- HIGH (0.6-0.8): Multi-factor authentication required
- CRITICAL (0.8-1.0): Immediate block, account freeze
- Execution Control: Only executes when anomaly score < 0.8
- Multi-signature: Required for high-value transactions
- Time Locks: Delayed execution for suspicious activities
- Audit Trail: Complete blockchain-based logging
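The following is an added example, not code from this project: it shows how per-trait anomaly scores can be combined into the overall score, the risk levels listed above (LOW/MEDIUM/HIGH/CRITICAL) and the smart contract execution gate (execute only when the score is below 0.8, multi-signature for high-value transactions, time locks for suspicious activity). The five thresholds are the constants quoted earlier from `AnomalyDetectionService.java`; the trait weights, `HIGH_VALUE_LIMIT`, the rule that a single breached trait lifts the overall score to at least `OVERALL_ANOMALY_THRESHOLD`, and the risk-factor names other than `UNUSUAL_LOCATION` are assumptions made for this illustration.

```python
"""Added example (not the project's own code): combine per-trait anomaly
scores into an overall score, risk level, recommended action and
smart-contract decision. Weights, HIGH_VALUE_LIMIT and the UNUSUAL_TYPING /
UNUSUAL_TOUCH / UNUSUAL_SESSION names are assumptions."""
from dataclasses import dataclass, field

# Thresholds as quoted in the README from AnomalyDetectionService.java
TYPING_ANOMALY_THRESHOLD = 0.7
TOUCH_ANOMALY_THRESHOLD = 0.6
LOCATION_ANOMALY_THRESHOLD = 0.8
SESSION_ANOMALY_THRESHOLD = 0.5
OVERALL_ANOMALY_THRESHOLD = 0.6
SMART_CONTRACT_MAX_SCORE = 0.8      # README: execute only when score < 0.8
HIGH_VALUE_LIMIT = 100_000          # assumed: at or above this, multi-signature

# Assumed relative weights (sum to 1.0); not taken from the project.
WEIGHTS = {"typing": 0.20, "touch": 0.20, "location": 0.35, "session": 0.25}
THRESHOLDS = {"typing": TYPING_ANOMALY_THRESHOLD, "touch": TOUCH_ANOMALY_THRESHOLD,
              "location": LOCATION_ANOMALY_THRESHOLD, "session": SESSION_ANOMALY_THRESHOLD}
# UNUSUAL_LOCATION appears in the README's error response; the rest are assumed names.
RISK_FACTOR = {"typing": "UNUSUAL_TYPING", "touch": "UNUSUAL_TOUCH",
               "location": "UNUSUAL_LOCATION", "session": "UNUSUAL_SESSION"}
# Risk bands from the README (upper bound exclusive); CRITICAL catches the rest.
RISK_BANDS = [(0.3, "LOW", "ALLOW"), (0.6, "MEDIUM", "LIMIT_FEATURES"),
              (0.8, "HIGH", "REQUIRE_MFA")]


@dataclass
class AnomalyDetectionResult:
    anomaly_score: float
    risk_level: str
    recommended_action: str
    risk_factors: list = field(default_factory=list)


def risk_level_for(score):
    """Map an overall score in [0, 1] to (risk level, recommended action)."""
    for upper, level, action in RISK_BANDS:
        if score < upper:
            return level, action
    return "CRITICAL", "BLOCK"


def assess(trait_scores):
    """trait_scores: {"typing", "touch", "location", "session"}, each in [0, 1]."""
    factors = [RISK_FACTOR[t] for t in WEIGHTS if trait_scores[t] >= THRESHOLDS[t]]
    overall = sum(WEIGHTS[t] * min(max(trait_scores[t], 0.0), 1.0) for t in WEIGHTS)
    # Assumption: a trait over its own threshold must not be averaged away,
    # so it lifts the overall score to at least OVERALL_ANOMALY_THRESHOLD.
    if factors:
        overall = max(overall, OVERALL_ANOMALY_THRESHOLD)
    level, action = risk_level_for(overall)
    return AnomalyDetectionResult(round(overall, 4), level, action, factors)


def contract_decision(result, amount):
    """Smart contract execution control: DENY, REQUIRE_MULTISIG, TIME_LOCK or EXECUTE."""
    if result.anomaly_score >= SMART_CONTRACT_MAX_SCORE:
        return "DENY"                 # README: only executes when score < 0.8
    if amount >= HIGH_VALUE_LIMIT:
        return "REQUIRE_MULTISIG"     # README: multi-signature for high-value transactions
    if result.risk_level in ("MEDIUM", "HIGH"):
        return "TIME_LOCK"            # README: delayed execution for suspicious activity
    return "EXECUTE"


if __name__ == "__main__":
    r = assess({"typing": 0.2, "touch": 0.2, "location": 0.9, "session": 0.3})
    print(r, contract_decision(r, 1000))
```

Note that the decision is taken on the server side from the stored result, never from a score supplied by the client; the `X-*-Pattern` headers are raw observations that the filter turns into trait scores before this step.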
- Use Case Based: Only required fields per use case
- Field Masking: Sensitive data masking (PAN, Aadhar, Phone)
- Address Generalization: City-level location only
- File Filtering: Only essential documents shared
- Laplace Noise: Mathematical noise addition
- K-Anonymity: Group-based anonymization
- Epsilon Parameter: Privacy vs utility trade-off
- Sensitivity Analysis: Impact assessment
- AES-256-GCM: Authenticated encryption (confidentiality and integrity) of stored tokens and documents
- Token Generation: Secure token replacement
- Key Management: Secure key storage
- Data Residency: Local data storage compliance
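The following is an added example, not the project's own `PrivacyPreservingDataService`: it implements use-case based minimization, field masking and address generalization as described above, together with the Laplace mechanism parameterized by `EPSILON = 0.1` (the value quoted earlier) for releasing aggregate counts with differential privacy. The `Credit Card Issuance` field list and the `987****210` phone mask come from the README's response example; the `Personal Loan` use case, the PAN/Aadhar mask formats and the `dropped_fields`/`missing_fields` audit keys are assumptions for this illustration.

```python
"""Added example (not the project's own code): use-case based data
minimization, field masking and the Laplace mechanism. EPSILON = 0.1 is the
README's value; the Personal Loan policy and the PAN/Aadhar mask formats are
assumptions."""
import math
import random

EPSILON = 0.1   # differential privacy parameter quoted in the README

# Minimum required fields per use case. Credit Card Issuance is the README's
# own example; Personal Loan is assumed. Unknown use cases share nothing.
MINIMUM_REQUIRED_FIELDS = {
    "Credit Card Issuance": ["PAN Card", "Aadhar", "Phone Number"],
    "Personal Loan": ["PAN Card", "Phone Number", "Address"],
}


def _canon(name):
    """'PAN_Card' and 'PAN Card' name the same field."""
    return name.lower().replace("_", " ").strip()


def mask_phone(v):          # README: "9876543210" -> "987****210"
    return v[:3] + "*" * (len(v) - 6) + v[-3:] if len(v) > 6 else "*" * len(v)


def mask_last4(v):          # assumed format for PAN and Aadhar: keep last four
    return "*" * max(len(v) - 4, 0) + v[-4:]


def generalize_address(addr):   # README: city-level location only
    return {k: addr[k] for k in ("city", "state") if k in addr}


MASKERS = {"phone number": mask_phone, "pan card": mask_last4,
           "aadhar": mask_last4, "address": generalize_address}


def minimize_request(use_case, form_data):
    """Keep only the fields the use case needs, masked; report what was dropped."""
    if use_case not in MINIMUM_REQUIRED_FIELDS:
        raise ValueError(f"no minimization policy for use case {use_case!r}")
    policy = MINIMUM_REQUIRED_FIELDS[use_case]
    required = {_canon(f) for f in policy}
    kept_text, kept_files, dropped = {}, {}, []
    for name, value in form_data.get("text_fields", {}).items():
        key = _canon(name)
        if key in required:
            kept_text[name] = MASKERS.get(key, lambda v: v)(value)
        else:
            dropped.append(name)
    for name, meta in form_data.get("file_uploads", {}).items():
        if _canon(name) in required:
            kept_files[name] = meta          # README: only essential documents shared
        else:
            dropped.append(name)
    present = {_canon(n) for n in list(kept_text) + list(kept_files)}
    missing = [f for f in policy if _canon(f) not in present]
    return {"use_case": use_case,
            "minimum_required_fields": policy,
            "form_data": {"text_fields": kept_text, "file_uploads": kept_files},
            "dropped_fields": dropped, "missing_fields": missing}


def laplace_scale(sensitivity, epsilon=EPSILON):
    """Laplace scale b = sensitivity / epsilon: smaller epsilon, more noise."""
    if epsilon <= 0:
        raise ValueError("epsilon must be positive")
    return sensitivity / epsilon


def laplace_mechanism(value, sensitivity, epsilon=EPSILON, rng=random):
    """Add Laplace(0, sensitivity/epsilon) noise, e.g. to a count released to a
    third party. Inverse-CDF sampling, so only rng.random() is needed."""
    b = laplace_scale(sensitivity, epsilon)
    u = max(rng.random() - 0.5, -0.5 + 1e-12)     # keep log() argument positive
    noise = -b * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))
    return value + noise


if __name__ == "__main__":
    print(minimize_request("Credit Card Issuance", {
        "text_fields": {"Phone Number": "9876543210", "Email": "x@example.com"},
        "file_uploads": {"PAN_Card": {"name": "pan.pdf"}}}))
    print(laplace_mechanism(100, sensitivity=1, rng=random.Random(7)))
```

The gateway should treat a missing policy as "share nothing" (the `ValueError` above) rather than falling back to the full form, and the `dropped_fields` list gives the audit trail a record of what minimization removed.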
- Statistical Analysis: Z-score, IQR methods
- Isolation Forest: Unsupervised anomaly detection
- One-Class SVM: Novelty detection
- Autoencoder: Deep learning anomaly detection
- Temporal Features: Time-based patterns
- Spatial Features: Location-based analysis
- Behavioral Features: User interaction patterns
- Contextual Features: Environmental factors
- Historical Data: User behavior history
- Baseline Establishment: Normal behavior patterns
- Continuous Learning: Adaptive model updates
- Performance Monitoring: Accuracy and F1-score tracking
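The following is an added example and not code from this project: it scores a current typing pattern against the user's stored baseline with the z-score and IQR methods listed under Statistical Analysis, producing the kind of per-trait score in [0, 1] that the typing threshold above is compared against. The feature names follow the `X-Typing-Pattern` header shown earlier (`averageSpeed`, `variance`); the baseline samples are constructed, and the 3-sigma normalization, the `OUTLIER_FLOOR` and `MIN_BASELINE` values are assumptions.

```python
"""Added example (not the project's own code): z-score and IQR anomaly
scoring of a typing pattern against a constructed baseline. MIN_BASELINE,
OUTLIER_FLOOR and the |z|/3 normalisation are assumptions."""
import statistics

MIN_BASELINE = 5          # assumed: fewer samples than this is no baseline yet
OUTLIER_FLOOR = 0.75      # assumed: an IQR outlier scores at least this much

# Constructed baseline: eight earlier sessions for one user.
BASELINE_TYPING = [
    {"averageSpeed": 0.50, "variance": 0.10},
    {"averageSpeed": 0.52, "variance": 0.11},
    {"averageSpeed": 0.48, "variance": 0.09},
    {"averageSpeed": 0.51, "variance": 0.10},
    {"averageSpeed": 0.49, "variance": 0.12},
    {"averageSpeed": 0.53, "variance": 0.08},
    {"averageSpeed": 0.50, "variance": 0.10},
    {"averageSpeed": 0.47, "variance": 0.10},
]


def z_score(value, samples):
    """Standard deviations from the baseline mean. A flat baseline (stdev 0)
    scores 0 on an exact match and infinity on any deviation."""
    mean = statistics.mean(samples)
    sd = statistics.pstdev(samples)
    if sd == 0:
        return 0.0 if value == mean else float("inf")
    return (value - mean) / sd


def iqr_outlier(value, samples):
    """Tukey fence: outside [Q1 - 1.5*IQR, Q3 + 1.5*IQR]."""
    q1, _, q3 = statistics.quantiles(samples, n=4)
    iqr = q3 - q1
    return value < q1 - 1.5 * iqr or value > q3 + 1.5 * iqr


def typing_anomaly_score(current, baseline):
    """Return {"score": float | None, "outliers": [...], "baseline_size": n}.
    score is the worst per-feature |z|/3 clipped to [0, 1] (assumption), so
    one wildly off feature is not averaged away by the others."""
    if len(baseline) < MIN_BASELINE:
        return {"score": None, "outliers": [], "baseline_size": len(baseline),
                "reason": "INSUFFICIENT_BASELINE"}
    score, outliers = 0.0, []
    for feature, value in current.items():
        samples = [s[feature] for s in baseline if feature in s]
        if len(samples) < MIN_BASELINE:
            continue                      # feature not yet tracked for this user
        feature_score = min(1.0, abs(z_score(value, samples)) / 3.0)
        if iqr_outlier(value, samples):
            outliers.append(feature)
            feature_score = max(feature_score, OUTLIER_FLOOR)
        score = max(score, feature_score)
    return {"score": score, "outliers": outliers, "baseline_size": len(baseline)}


if __name__ == "__main__":
    print(typing_anomaly_score({"averageSpeed": 0.50, "variance": 0.35}, BASELINE_TYPING))
```

Returning `None` for an unestablished baseline matters: a new user has no "normal" yet, and treating that as a score of 0 would let the first sessions pass unmonitored, while treating it as 1 would lock every new account. The caller should fall back to the other traits (device, location, session) until `MIN_BASELINE` samples exist.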
```json
{
  "use_case": "Credit Card Issuance",
  "minimum_required_fields": ["PAN Card", "Aadhar", "Phone Number"],
  "form_data": {
    "text_fields": {"Phone Number": "987****210"},
    "file_uploads": {"PAN_Card": {...}}
  },
  "security_metadata": {
    "anomaly_detection_performed": true,
    "anomaly_score": 0.15,
    "risk_level": "LOW",
    "smart_contract_validated": true,
    "privacy_preserving_minimization_applied": true
  }
}
```

```json
{
  "error": "ANOMALY_DETECTED",
  "message": "Access blocked due to detected anomaly",
  "anomalyScore": 0.85,
  "riskLevel": "HIGH",
  "riskFactors": ["UNUSUAL_LOCATION", "UNKNOWN_DEVICE"],
  "recommendedAction": "BLOCK"
}
```

### Adding New Behavioral Traits

- Extend the `UserBehavior.java` model
- Update `AnomalyDetectionService.java` with new calculation methods
- Modify `AnomalyDetectionFilter.java` to extract new data
- Update thresholds and risk assessment logic

### Customizing Privacy Rules

- Modify `PrivacyPreservingDataService.java`
- Update field minimization logic
- Adjust differential privacy parameters
- Configure compliance frameworks

### Integrating with Your Blockchain

- Update `SmartContractService.java` with your blockchain
- Configure contract addresses and ABIs
- Implement transaction validation logic
- Add multi-signature requirements
- Data Minimization: Only necessary data collected
- Consent Management: Explicit user consent
- Right to Erasure: Data deletion capabilities
- Data Portability: Export user data
- Privacy by Design: Built-in privacy protection
- Data Principal Rights: User control over data
- Consent Framework: Granular consent management
- Data Localization: Local data storage
- Breach Notification: Incident reporting
- Cross-border Transfer: Restricted data sharing
```bash
cd backend/authentication
mvn test
```

```bash
# Test anomaly detection
curl -X POST http://localhost:8089/api/anomaly/detect \
  -H "Content-Type: application/json" \
  -d @test_data.json

# Test privacy protection
curl -X POST http://localhost:5000/api/requests/123/submitForm \
  -F 'payload=@test_payload.json'
```

- Load Testing: Apache JMeter scripts included
- Stress Testing: High-volume anomaly detection
- Latency Testing: Response time optimization
- Accuracy Testing: False positive/negative analysis
```bash
# Build and run with Docker Compose
docker-compose up -d
```

```bash
# Deploy to Kubernetes cluster
kubectl apply -f k8s/
```

- SSL/TLS: HTTPS encryption
- Rate Limiting: API protection
- Monitoring: Prometheus + Grafana
- Logging: ELK stack integration
- Backup: Automated data backup
- Fork the repository
- Create a feature branch
- Implement your changes
- Add tests
- Submit a pull request
This project is licensed under the MIT License - see the LICENSE file for details.
For support and questions:
- Create an issue in the repository
- Contact the development team
- Check the documentation
- Biometric Integration: Fingerprint, face recognition
- Advanced ML Models: Deep learning for better accuracy
- Real-time Streaming: Apache Kafka integration
- Microservices: Service mesh architecture
- Edge Computing: Local anomaly detection
- Quantum Security: Post-quantum cryptography
Built with ❤️ for secure and privacy-preserving fintech applications